Single Sign On:
Kerberos based : It required credentials and offer a ticket.
Smart Card Based : use smart card to get the credential.
Enterprise SSO : Design to solve the problem of introduce credentials in several systems inside the organisation.
Single sign-on (SSO) is an authentication process that allows a user to access multiple applications with one set of login credentials. SSO is a common procedure in enterprises, where a user logs in once and gains access to all systems without being prompted to log in again at each of them.This is typically accomplished using the Lightweight Directory Access Protocol (LDAP) and stored LDAP databases on servers.
Single Sign On Types:
Kerberos based : It required credentials and offer a ticket.
Smart Card Based : use smart card to get the credential.
Enterprise SSO : Design to solve the problem of introduce credentials in several systems inside the organisation.
Single Sign On System Components:
The Single Sign-On system consists of a Credential database, a master secret server, and one or more Single Sign-On servers.
An associate application is a logical entity that represents a system or sub-system such as a host, back-end system, or line-of-business application to which you are connecting using Enterprise Single Sign-On.
The Credential database is the SQL Server database that stores the information about the associate applications, as well as all the encrypted user credentials to all the affiliate applications.
The SSO system also contains one or more SSO servers. These servers do the mapping between the Windows and back-end credentials and look up the identification in the Credential database. Administrators use them to maintain the SSO system.
SSO advantages include:
- Eliminates credential re-authentication and help desk requests; thus, improving productivity.
- Streamlines local and remote application and desktop workflow.
- Minimizes phishing.
- Improves compliance through a centralized database.
- Provides detailed user access reporting.
Centralize Authentication Service:
Centralized Authentication Service (CAS) is the Solution scenario of Single sign On. CAS is a Single Sign on Protocol for the web. Its purpose is to permit a user to log into multiple applications simultaneously.
CAS Protocol Steps:
User access to website.
Website redirects to CAS
CAS ask for credentials.
CAS send tickets and redirects.
Service validate ticket with CAS.
Service gets User.
Service allows user access.
Working of CAS:
1. CAS is a Ticket based authentication token.
2. In which the User will forwarded to CAS Login Server.
3. User will authenticate using their credentials like username and password. Which will create authentication ticket.
4. Ticket will redirect to audit console. Where it checks validity of the ticket.
5. If the Ticket is valid, it allows user to logs with that ticket.
CAS Actors:
Authentication Central
Services
Proxies
Target
Enterprise Single Sign on Solutions:
Open Source
Well Documented
Scalable
Modular and highly pluggable
Password security management can be a key nuisance for users and enterprise IT alike as password strategy can cause irritation for users when they have multiple passwords to remember. End-users often write their passwords down and leave them by their workstation - a serious enterprise security issue. Or they forget their passwords and have to put efficiency on hold while they make costly calls to the IT help desk to perform a password reset.
Enterprise Single Sign-On (SSO) solutions can potentially determine these issues by enabling users to sign in just once to the network and have access to all the applications they are certified to access - eliminating password headaches and enabling productivity.
0 comments:
Post a Comment